Authorisation - Permission-Role Model

Although Vert.x auth itself does not mandate any specific model of permissions (they are just opaque strings), this
implementation uses a familiar user/role/permission model, where a user can have zero or more roles and a role
can have zero or more permissions.

If validating if a user has a particular permission simply pass the permission into.
isAuthorised as follows:

The default role prefix is role:. You can change this with setRolePrefix.

The Shiro properties auth provider

This auth provider implementation uses Apache Shiro to get user/role/permission information from a properties file.

Note that roles are not available directly on the API due to the fact that vertx-auth tries to be as portable as
possible. However one can run assertions on role by using the prefix role: or by specifying the prefered prefix
with setRolePrefix.

The implementation will, by default, look for a file called vertx-users.properties on the classpath.

If you want to change this, you can use the properties_path configuration element to define how the properties
file is found.

The default value is classpath:vertx-users.properties.

If the value is prefixed with classpath: then the classpath will be searched for a properties file of that name.

If the value is prefixed with file: then it specifies a file on the file system.

If the value is prefixed with url: then it specifies a URL from where to load the properties.

The properties file should have the following structure:

Each line should either contain the username, password and roles for a user or the permissions in a role.

The Shiro LDAP auth provider

The following configuration properties are used to configure the LDAP realm:

ldap-user-dn-template

this is used to determine the actual lookup to use when looking up a user with a particular
id. An example is uid={0},ou=users,dc=foo,dc=com - the element {0} is substituted with the user id to create the
actual lookup. This setting is mandatory.

ldap_url

the url to the LDAP server. The url must start with ldap:// and a port must be specified.
An example is ldap://myldapserver.mycompany.com:10389

ldap-authentication-mechanism

TODO

ldap-context-factory-class-name

TODO

ldap-pooling-enabled

TODO

ldap-referral

TODO

ldap-system-username

TODO

ldap-system-password

TODO

Using another Shiro Realm

It’s also possible to create an auth provider instance using a pre-created Apache Shiro Realm object.

This is done as follows:

var provider = ShiroAuth.create(vertx, realm)

The implementation currently assumes that user/password based authentication is used.
<a href="mailto:julien@julienviet.com">Julien Viet</a><a href="http://tfox.org">Tim Fox</a>